Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Management. Risk Categories Strategic Credit Market Liquidity Operational Compliance/legal/regulatory Reputation.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Risk Management. Risk Categories Strategic Credit Market Liquidity Operational Compliance/legal/regulatory Reputation."— Presentation transcript:

1 Risk Management

2 Risk Categories Strategic Credit Market Liquidity Operational Compliance/legal/regulatory Reputation

3 Operational Risk Inadequate Information Systems Breaches in internal controls Fraud Unforeseen catastrophes The risk of direct of indirect loss resulting from inadequate or failed internal processes, people and systems or from external events.

4 Inadequate Information Systems General Risks Physical access to the hardware Logical access to the IT systems Capacity management - prevents bottlenecks in all relevant systems component Emergency management Insufficient backup recovery measures-mitigate the consequences of system failures

5 Inadequate Information Systems Application-oriented risks 1.Data not correctly recorded due to system errors 2.Data not correctly stored during period of validity 3.Relevant data are not correctly included 4.Calculations which are basis for information are not correct 5.Due to systems failures the information processed by the application is not available in time.

6 Fraud Management Categories 1.Check Fraud 2.Debit card Fraud 3.Electronic Payment Fraud 4.ATM Deposit Fraud 5.Account Take-over/Identity Theft

7 From: http://www.newarchitectmag.com

8 Fraud Management Systems JAM (Java Agents for Meta Learning)

9 Obstacles in detecting Fraud Financial or Human resource shortage High volumes of claims, transactions or other information to be analyzed Cookie-cutter detection methods that miss new or unusual instances Lack of in-house expertise or training

10 Risk Management in E- Banking

11 Technology Developments Advances in communications provide networked global access to information and delivery of products/services Internet has reached critical mass (60% of U.S. households) Some banks have 25 percent of customers banking online Increased competition from other industries and abroad Greater reliance on third party providers Advances in technology make the component functions of banking more easily divisible www.occ.treas.gov

12 Growth in Number of National Banks that Have Transactional Websites Source: Office of the Comptroller of the Currency. “Transactional web sites” are defined as bank web sites that allow customers to transact business. This may include accessing accounts, transferring funds, applying for a loan, establishing an account, or performing more advanced activities.

13 Technology-based Banking Products & Services Balance inquiry Transaction information Funds transfer Cash Management Bill payment Bill presentment Loan applications Stored Value-application: Stored-value cards are a substitute for cash, gift certificates and check payments. Monetary value is added to the stored-value account before the card is used, with the value either being funded by the cardholder directly, or by the card program operator in commercial applications www.occ.treas.gov

14 Technology-based Banking Products & Services Aggregation Electronic Finder Automated clearinghouse (ACH) Transactions Internet Payments Wireless Banking Certification Authority Data Storage-Digital Data Storage (DDS) is a format for storing and backing up computer data on tape that evolved from the Digital Audio Tape (DAT) technology.

15 Key Technology Risks Vendor Risk Issues Security, Data Integrity, and Confidentiality Authentication, Identity Verification, and Authorization Strategic and Business Risks Business Continuity Planning Permissibility, Compliance, Legal Issues, and Computer Crimes Cross Border and International Banking www.occ.treas.gov

16 Security and Privacy Increases in security events and vulnerabilities According to 2001 FBI/CSI survey, 70% reported that the Internet is the point of cyber attacks, up from 59% in 2000 Gramm-Leach-Bliley Act of 1999 requires banks to establish administrative, technical & physical safeguards to protect the privacy of customers’ nonpublic customer records and information www.occ.treas.gov

17 Key Elements of Security Program Reviewing physical and logical security: Review intrusion detection and response capabilities to ensure that intrusions will be detected and controlled Seek necessary expertise and training, as needed, to protect physical locations and networks from unauthorized access Maintain knowledge of current threats facing the bank and the vulnerabilities to systems Assess firewalls and intrusion detection programs at both primary and back-up sites to make sure they are maintained at current industry best practice levels www.occ.treas.gov

18 Key Elements of Security Program Reviewing physical and logical security (cont’d): Verify the identity of new employees, contractors, or third parties accessing your systems or facilities. If warranted, perform background checks. Evaluate whether physical access to all facilities is adequate. Work with service provider(s) and other relevant customers to ensure effective logical and physical security controls. www.occ.treas.gov

19 Authentication Reliable customer authentication is imperative for E- banking Effective authentication can help banks reduce fraud, reputation risk, disclosure of customer information, and promote the legal enforceability of their electronic agreements Methods to authenticate customers: Passwords & PINS Digital certificates & PKI (Public Key Infrastructure) Physical devices such as tokens Biometric identifiers www.occ.treas.gov

20 OCC Technology Risks Supervision Program The Office of the Comptroller of the Currency charters, regulates, and supervises national banks to ensure a safe, sound, and competitive banking system that supports the citizens, communities, and economy of the United States. Guidance -- Focus on risk analysis, measurement, controls, and monitoring Risk-based examinations of banks and third party service providers (as authorized by the Bank Service Company Act of 1962) Training and Technology Integration Project External outreach and co-ordination Licensing process for Internet-primary banks and novel activities www.occ.treas.gov

21 References www.occ.treas.gov www.newarchitectmag.com http://www.cs.columbia.edu/~sal/JAM/PROJECT/ Gerrit Jan van den Brink (2002), Operational Risk: The challenge for banks. http://dinkla.net/fraud/products.html

Download ppt "Risk Management. Risk Categories Strategic Credit Market Liquidity Operational Compliance/legal/regulatory Reputation."

Similar presentations

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Mobile Technology & Cyber Threats Promoting E-Commerce in Ghana Ruby Saakor Tetteh Ministry of Trade & Industry, Ghana Sixth Annual African Dialogue Consumer.

Mobile Technology & Cyber Threats Promoting E-Commerce in Ghana Ruby Saakor Tetteh Ministry of Trade & Industry, Ghana Sixth Annual African Dialogue Consumer.
9 - 1 Computer-Based Information Systems Control.

9 - 1 Computer-Based Information Systems Control.
The Islamic University of Gaza

The Islamic University of Gaza
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Comptroller of the Currency Administrator of National Banks Electronic Banking: Industry Developments, Risks and OCC Regulatory Activities Prepared for.

Comptroller of the Currency Administrator of National Banks Electronic Banking: Industry Developments, Risks and OCC Regulatory Activities Prepared for.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
“Electronic Payment System”

“Electronic Payment System”
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.

Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.
Comptroller of the Currency Administrator of National Banks Wireless Banking April 1, 2003 Clifford A. Wilke Director of Bank Technology Office of the.

Comptroller of the Currency Administrator of National Banks Wireless Banking April 1, 2003 Clifford A. Wilke Director of Bank Technology Office of the.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google